In the Linux kernel, the following vulnerability has been resolved:
cifs: Fix memory leak when build ntlmssp negotiate blob failed
There is a memory leak when mounting cifs:

  unreferenced object 0xffff888166059600 (size 448):
    comm "mount.cifs", pid 51391, jiffies 4295596373 (age 330.596s)
    hex dump (first 32 bytes):
      fe 53 4d 42 40 00 00 00 00 00 00 00 01 00 82 00  .SMB@...........
      00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
    backtrace:
      [<0000000060609a61>] mempool_alloc+0xe1/0x260
      [<00000000adfa6c63>] cifs_small_buf_get+0x24/0x60
      [<00000000ebb404c7>] __smb2_plain_req_init+0x32/0x460
      [<00000000bcf875b4>] SMB2_sess_alloc_buffer+0xa4/0x3f0
      [<00000000753a2987>] SMB2_sess_auth_rawntlmssp_negotiate+0xf5/0x480
      [<00000000f0c1f4f9>] SMB2_sess_setup+0x253/0x410
      [<00000000a8b83303>] cifs_setup_session+0x18f/0x4c0
      [<00000000854bd16d>] cifs_get_smb_ses+0xae7/0x13c0
      [<000000006cbc43d9>] mount_get_conns+0x7a/0x730
      [<000000005922d816>] cifs_mount+0x103/0xd10
      [<00000000e33def3b>] cifs_smb3_do_mount+0x1dd/0xc90
      [<0000000078034979>] smb3_get_tree+0x1d5/0x300
      [<000000004371f980>] vfs_get_tree+0x41/0xf0
      [<00000000b670d8a7>] path_mount+0x9b3/0xdd0
      [<000000005e839a7d>] __x64_sys_mount+0x190/0x1d0
      [<000000009404c3b9>] do_syscall_64+0x35/0x80
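When building the NTLMSSP negotiate blob fails, the session setup request should be freed. The backtrace shows that this request is the buffer allocated during SMB2 session setup, so without the fix it stays allocated after the failed negotiate step.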
{ "vanir_signatures": [ { "signature_version": "v1", "digest": { "threshold": 0.9, "line_hashes": [ "174995013714320549312491029557963206983", "225741083891792501969837686478156582262", "81222237700166858020079920688084111624", "173599409874349972975915198875107105558" ] }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fa5a70bdd5e565c8696fb04dfe18a4e8aff4695d", "deprecated": false, "target": { "file": "fs/cifs/smb2pdu.c" }, "signature_type": "Line", "id": "CVE-2022-50372-1d4a893a" }, { "signature_version": "v1", "digest": { "length": 1791.0, "function_hash": "237151727711306910492846824016481450173" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@fa5a70bdd5e565c8696fb04dfe18a4e8aff4695d", "deprecated": false, "target": { "file": "fs/cifs/smb2pdu.c", "function": "SMB2_sess_auth_rawntlmssp_negotiate" }, "signature_type": "Function", "id": "CVE-2022-50372-76c06b09" }, { "signature_version": "v1", "digest": { "threshold": 0.9, "line_hashes": [ "174995013714320549312491029557963206983", "225741083891792501969837686478156582262", "81222237700166858020079920688084111624", "173599409874349972975915198875107105558" ] }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@30b2d7f8f13664655480d6af45f60270b3eb6736", "deprecated": false, "target": { "file": "fs/cifs/smb2pdu.c" }, "signature_type": "Line", "id": "CVE-2022-50372-e2aa1a04" }, { "signature_version": "v1", "digest": { "length": 1797.0, "function_hash": "272148982756727382559083108072129359860" }, "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@30b2d7f8f13664655480d6af45f60270b3eb6736", "deprecated": false, "target": { "file": "fs/cifs/smb2pdu.c", "function": "SMB2_sess_auth_rawntlmssp_negotiate" }, "signature_type": "Function", "id": "CVE-2022-50372-fe6196cc" } ] }